06-16-2008, 10:06 PM   #3
naiart
Registered User
 
Join Date: Jun 2008
Posts: 6
OS: Win XP SP2


Re: Internet not working, popups, very slow computer, HJT log posted, please help!

Hello, thank you so much for your reply! Okay here are the contents of the main.txt file:

Deckard's System Scanner v20071014.68
Run by TP on 2008-06-16 23:46:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-17 03:47:08 UTC - RP586 - Deckard's System Scanner Restore Point
3: 2008-06-17 03:22:53 UTC - RP585 - System Checkpoint
2: 2008-06-16 02:44:25 UTC - RP584 - System Checkpoint
1: 2008-06-15 02:22:59 UTC - RP583 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.87 GiB (less than 15%) free.


-- HijackThis (run as TP.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:42 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\TP\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\TP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\xxyxWOgg.dll
O2 - BHO: (no name) - {39E5FD5D-355B-437B-A976-D6CE26171503} - (no file)
O2 - BHO: (no name) - {3D727430-30AE-41B2-9BC0-B00696C45F33} - C:\WINDOWS\system32\ssqRKbCr.dll
O2 - BHO: (no name) - {638EC501-5504-421A-BB69-5C2FDBBC6886} - C:\WINDOWS\system32\byXNfEWQ.dll (file missing)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [509c0b86] rundll32.exe "C:\WINDOWS\system32\asqkhjqb.dll",b
O4 - HKLM\..\Run: [BM53af381a] Rundll32.exe "C:\WINDOWS\system32\niborofo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft viri-check] viri-check.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Configs 32] msgconfigrs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft viri-check] viri-check.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\TP\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: xxyxWOgg - C:\WINDOWS\SYSTEM32\xxyxWOgg.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html

--
End of file - 7620 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080611-214735-170 O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\NERODV~1\NEROPH~1\data\Xtras\mssysmgr.exe

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>

S3 atimtag - c:\windows\system32\drivers\atimtag.sys (file missing)
S3 ZSMC301b (lebeca web camera driver) - c:\windows\system32\drivers\usbvm31b.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ProtexisLicensing - "c:\program files\common files\protexis\license service\psiservice.exe" <Not Verified; ; PSIService>

S3 Imapi Helper - "c:\program files\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>
S4 aolsoftware - "c:\windows\qwert.exe" (file missing)
S4 dll service (windows dll service) - "c:\windows\rund1132.exe" (file missing)
S4 dllmgr64 - "c:\windows\dllmgr64.exe" (file missing)
S4 Services - c:\windows\driver~1\i386\services.exe (file missing)
S4 sysmgr64 - "c:\windows\sysmgr64.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1039&DEV_0180&SUBSYS_810E1043&REV_01\3&267A616A&0&28
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1039&DEV_0180&SUBSYS_810E1043&REV_01\3&267A616A&0&28
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2007-07-23 09:00:00 268 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 01:32:34 99840 --a------ C:\WINDOWS\system32\ybycujsf.dll
2008-06-16 01:30:30 81408 --a------ C:\WINDOWS\system32\njkvdxsp.dll
2008-06-16 01:30:23 90112 --a------ C:\WINDOWS\system32\niborofo.dll
2008-06-14 21:59:52 98304 --a------ C:\WINDOWS\system32\wnaalqjp.dll
2008-06-14 21:56:37 89600 --a------ C:\WINDOWS\system32\tecjhunf.dll
2008-06-13 21:43:14 99328 --a------ C:\WINDOWS\system32\kpsxtyap.dll
2008-06-13 21:42:57 89600 --a------ C:\WINDOWS\system32\tbkyxsvc.dll
2008-06-12 21:41:22 0 --a------ C:\WINDOWS\system32\fpdqmugq.dll
2008-06-12 21:41:13 0 --a------ C:\WINDOWS\system32\yemsltcn.dll
2008-06-11 21:27:39 0 d-------- C:\TaskKiller
2008-06-11 21:02:16 0 --a------ C:\WINDOWS\system32\jdaqntlu.dll
2008-06-11 21:02:03 0 --a------ C:\WINDOWS\system32\ndahlwas.dll
2008-06-11 21:01:12 550081 --ahs---- C:\WINDOWS\system32\rCbKRqss.ini2
2008-06-11 21:01:08 321536 --a------ C:\WINDOWS\system32\ssqRKbCr.dll
2008-06-10 20:33:58 0 d-------- C:\Program Files\SpywareBlaster
2008-06-10 19:38:25 0 --a------ C:\WINDOWS\system32\ereuxejr.dll
2008-06-09 23:48:39 478110 --ahs---- C:\WINDOWS\system32\QWEfNXyb.ini2
2008-06-09 23:43:19 59904 --a------ C:\WINDOWS\system32\xxyxWOgg.dll
2008-06-08 0132 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-06-08 0124 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-06-08 0109 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-06-08 01:05:57 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-06-08 01:05:57 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-06-08 01:05:51 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-06-08 01:05:51 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-06-08 01:05:24 0 d-------- C:\Program Files\ArcSoft
2008-06-08 00:58:59 0 d-------- C:\Program Files\directx
2008-06-08 00:58:34 127038 --a------ C:\WINDOWS\Clement.exe
2008-06-08 00:58:33 2093106 --a------ C:\WINDOWS\select.exe <Not Verified; ; select Application>
2008-06-08 00:58:29 0 d-------- C:\WINDOWS\Options
2008-06-03 19:44:32 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-03 19:44:32 2521 --a------ C:\WINDOWS\unins000.dat
2008-05-22 23:16:13 0 d-------- C:\Program Files\uTorrent
2008-05-22 23:16:09 0 d-------- C:\Documents and Settings\TP\Application Data\uTorrent
2008-05-18 02:22:22 0 d-------- C:\Program Files\Intel Desktop Board Audio Driver
2008-05-17 21:28:19 0 d-------- C:\WINDOWS\system32\CatRoot_bak


-- Find3M Report ---------------------------------------------------------------

2008-06-16 21:54:54 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-14 2326 0 d-------- C:\Documents and Settings\TP\Application Data\Lavasoft
2008-06-08 01:05:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-07 13:52:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-15 22:01:10 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-05-11 01:57:55 0 d-------- C:\Program Files\nFLVPlayer
2008-05-10 23:58:24 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-09 23:53:36 0 d-------- C:\Program Files\X-COM
2008-05-07 22:51:19 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-07 22:48:17 0 d-------- C:\Documents and Settings\TP\Application Data\AdobeUM
2008-03-19 05:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
06/09/2008 11:43 PM 59904 --a------ C:\WINDOWS\system32\xxyxWOgg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39E5FD5D-355B-437B-A976-D6CE26171503}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D727430-30AE-41B2-9BC0-B00696C45F33}]
06/11/2008 09:01 PM 321536 --a------ C:\WINDOWS\system32\ssqRKbCr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{638EC501-5504-421A-BB69-5C2FDBBC6886}]
C:\WINDOWS\system32\byXNfEWQ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"BigDogPath"="C:\WINDOWS\VM_STI.exe" []
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [03/09/2007 12:02 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 05:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"509c0b86"="C:\WINDOWS\system32\asqkhjqb.dll" []
"BM53af381a"="C:\WINDOWS\system32\niborofo.dll" [06/16/2008 01:30 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft viri-check"=viri-check.exe
"CU1"=C:\Program Files\Common Files\VCClient\VCClient.exe
"CU2"=C:\Program Files\Common Files\VCClient\VCMain.exe
"Microsoft Configs 32"=msgconfigrs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Warning homepage

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{32341E7E-C319-46DE-91D0-E30BB1A3CABA}"= C:\WINDOWS\system32\xxyxWOgg.dll [06/09/2008 11:43 PM 59904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxWOgg]
xxyxWOgg.dll 06/09/2008 11:43 PM 59904 C:\WINDOWS\system32\xxyxWOgg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqRKbCr
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
"C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasAuto"=3 (0x3)
"SavRoam"=3 (0x3)
"sysmgr64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-16 23:52:33 ------------

Thanks again for your help!
Attached file: extra.txt (13.2 KB)

Last edited by naiart; 06-16-2008 at 10:09 PM.